Decoupling compliance from security operations and controls is a cornerstone of CISO Assistant philosophy. Let's see it through this short animation:

• Translating the libraries (in-coming)

You can contribute to interface translations using a tool called fink.

1. Copy the URL of the CISO Assistant GitHub repository: https://github.com/intuitem/ciso-assistant-community

2. Visit fink and paste the URL you just copied.

3. Sign in using your GitHub account.

4. Click the 'fork' button at the bottom of the page. You may need to refresh the page to start contributing.

5. Select the language(s) you wish to translate, or add new ones.

6. Edit translations.
7. When you are done, you can press the button at the bottom of the page to push the changes you made.
8. When your translations are ready, on .

Read for more information.

This guide details how to configure the bidirectional synchronization between CISO Assistant and ServiceNow. This integration allows you to:

• Automatically create ServiceNow records (e.g. GRC Controls) from CISO Assistant.

• Sync updates (Status, Priority, etc.) from CISO Assistant to ServiceNow.

• Receive real-time updates from ServiceNow back into CISO Assistant via Webhooks.

For now, you are only able to sync CISO Assistant's applied controls to a ServiceNow table.

Prerequisites

Before starting, ensure you have:

1. ServiceNow Credentials: A service account with permissions to read/write to your target table (e.g., grc_control) and access the REST API.

2. ServiceNow Admin Access: Required to create Outbound REST Messages and Business Rules for the inbound sync.

3. CISO Assistant Details:

Part 1: Outgoing Sync

First, configure CISO Assistant to connect to your ServiceNow instance.

1. Create Integration:

   • Go to Settings > Integrations.

   • Add a new ServiceNow integration.

Part 2: Incoming Sync

If you with to receive updates from ServiceNow, you first have to enable incoming sync in the ServiceNow integration settings panel.

Configure incoming sync in CISO Assistant

1. Generate a shared secret.

2. This secret is only shown once, make sure you Copy it before proceeding.

Configure ServiceNow

To receive updates from ServiceNow, you must configure a Business Rule that pushes data to CISO Assistant.

Create the Outbound REST Message

This defines where ServiceNow sends the data.

1. Log in to ServiceNow.

2. Navigate to System Web Services > Outbound > REST Message.
3. Click New.

Configure the HTTP Method

1. In the REST Message record, scroll to the HTTP Methods list.

2. Create a New method (or edit the default one):

   • Name: POST_Event

Create the Business Rule

This triggers the sync whenever a record changes.

1. Navigate to System Definition > Business Rules.

2. Click New.

3. Name: Push to CISO Assistant.

Click Submit.

Usage

Once the integration is configured and enabled, CISO Assistant will start synchronizing applied controls with ServiceNow records.

• For each applied control, a new record will be created in the configured ServiceNow table if you check 'Create remote object' in the applied control creation form.

• The ServiceNow record will contain information from the applied control, such as its name, description, and status.

• A link to the ServiceNow record will be displayed on the applied control page in CISO Assistant.

The synchronization is automatic. Any update on an applied control in CISO Assistant will be reflected in the corresponding ServiceNow record.

Attaching an applied control to a ServiceNow record

There are several ways to link an applied control to a ServiceNow record:

• On applied control creation:

  • Open the Integrations dropdown menu located at the bottom of the form

  • Select the ServiceNow integration provider

• On an existing applied control:

  • Go to an applied control's edit form

  • Open the Integrations dropdown menu located at the bottom of the form

Notes:

• The default sync period on SaaS is at 60 seconds.

• The API needs to be enabled and the instance reachable. If you're on SaaS plan, you can reach the support to do so.

• For on-premises deployments, you might want to adapt scheduler-interval value on Huey

Verification & Troubleshooting

How to Verify

1. Create a new Control in CISO Assistant. Check ServiceNow to see if the record appears.

2. Update the State of that record in ServiceNow. Refresh CISO Assistant to see the status change.

Common Errors

CISO Assistant is intended to be a multi-paradigm tool to suit everyone's background and approch to cyber security program organisation.

With that being said here are some standard recommendations to get the most of it, if you are just starting:

1. Map your organisation to the domains/perimeters (or create basic ones)

2. Add your users and assign them to the groups (SSO and MFA available even in Community)

3. (recommended) Identify what are the assets to protect

4. (recommended) Enumerate your existing capabilities/controls

5. Define your baseline and focus on the basics - pick your controls and/or create new ones

6. Get your actions implemented and reflect that on your audit progress

7. Conduct a contextual risk assessment

8. Share the insights with your organisation, review the priorities, and keep it alive

9. Expand your coverage: periodic tasks, incidents, TPRM, findings managements, etc.

10. Always keep focus on the actions and reflect their data on the other concepts

New! Config Builder

Customize the local deployment according to your needs:

Docker compose

Make sure to have Docker and Docker Compose installed on your system.

• clone the repo:

git clone https://github.com/intuitem/ciso-assistant-community.git

• run the preparation script and follow the instructions:

./docker-compose.sh

you can also find other variants for different setups as a starting point for your specific needs.

Helm chart

Make sure to have Helm binary installed and switch to your cluster context.

1. add the helm repository

helm repo add intuitem https://intuitem.github.io/ca-helm-chart/

1. get the default values

helm show values intuitem/ciso-assistant > my-values.yaml

1. check and adjust them to your needs, specifically the frontendOrigin parameter

2. create a namesapce for your deployment

kubectl create ns ciso-assistant

1. install

helm install my-octopus intuitem/ciso-assistant -f my-values.yaml -n ciso-assistant

A different take on Cyber Security Posture Management

• explicitly decoupling compliance from cyber-security practices implementation

• providing simplified tools for decision-making

• providing capabilities for a program, product, or an organization assessment against standard frameworks

• you can bring your own framework as well using a simplified DSL

• aim to be a one-stop-shop for cyber security management and cover the layers of GRC (Governance, Risk and Compliance)

An open-source GRC tool

CISO Assistant is open source and the code is available on GitHub. Just follow the instructions to deploy it yourself or go to our website to request a cloud trial instance. You can read the about our switch.

About the SaaS and PRO plan

Quick links

Get Started

In a hurry? checkout the for overviews in English and French 🤗

We've put together some helpful guides for you to get setup with our product quickly and easily.

Model

We've detailed our model to help you understand how everything is organized

1. Firstly, we need to import some external objects before starting our risk assessment: a matrix, threats and reference controls.

2. We can create the risk assessment, and let's take a look inside.

3. We find three parts: details about the assessment, the list of associated risk scenarios and the risk matrix view.

4. Let's add the first scenario and do the current assessment of it.

1. From now on, you won't necessarily follow the same steps depending on your needs. In this example I choose to mitigate the scenario by creating an applied control for it.

2. We go back in the scenario edit view, add the freshly created applied control, do the residual assessment and choose a strength of knowledge level.

Congratulation! 🎉 If you followed the three last pages, you have just created your first assessments on CISO Assistant! The following section will show you how to use our management tools 🔎

1. Once logged in, the first step is to create a domain. Let's call it R&D.

2. Then we create the perimeter inside of it or from the perimeter list view.

1. After creating the perimeter, we'll have to import a framework, for example ISO/IEC 27001:2022.

2. Once it is imported, we can now create the compliance assessment (ISO/IEC 27001:2022 is auto-selected as it is the only imported framework).

3. You can edit it if needed, or go directly into the assessment. Each requirement has a To do status by default.

4. Finally, we can select a requirement and start its assessment by adding applied controls or evidences and update its status to complete the progress bars.

"I'm just curious and want to see what the tool is about."

Quick start and pick your framework and/or matrix

"I need to comply with a specific regulation or standard"

• Identify the scopes (domains/perimeters)

• Pick your frameworks

• Start an audit

• Link or create your applied controls

• ♻️ Track the applied controls progress, attach evidences and reflect the progress on the audit

"I want to conduct risk assessments and keep track on a risk register"

• Identify the scopes (domains/perimeters)

• Pick your matrix

• Add or import your assets

• Add or import your threats

"I have multiple vendors that I need to identify their cyber security posture"

• Identify the scopes (domains/perimeters)

• Create the vendors (entities) and their products or services (solutions)

• Identify a framework to assess them and trigger an entity assessment

"I have a list of findings or issues that I need to track"

• Identify the scopes (domains/perimeters)

• Start a follow-up

• Add or import your findings

• Link or create the applied controls

Analytics

The main page to manage your perimeters through time. You can focus on risk or compliance with their respective tabs or have a global view from the governance one.

You can find on the bottom of the governance tab an applied controls ranking score and a watch list to warn you about incoming deadlines on applied controls or risk acceptances.

Composer

This is a specific tab where you can cross-referencing analytics from different risk assessments.

It will also tell you if one or many selected risk assessments should be reviewed based on inconsistencies found by x-rays.

Calendar

An integrated calendar to track the ETA of upcoming/expired applied controls or risk acceptances.

Applicable for: Data import wizard (Pro) and CLI (Community and Pro)

Overview

If the object supports the domain column, the wizard will attempt to add the object to it, given you have the permission to do so. If the domain is not set, the wizard will default to the fallback domain set on the wizard form.

Fields with (*) are mandatory and don't have any supported fallback.

Unless marked as mandatory, ref_id fields can be left blank but the column must still exist.

📦 Assets

Template

Supported fields

• ref_id

• name*

• description

• domain

Special considerations

• type will default to supporting if the column does not exist

⚙️ Applied controls

Template

Supported fields

• ref_id

• name*

• description

• domain

Special considerations

• status will default to to_do

• csf_function will default to govern

📦 Perimeters

Template

Supported fields

• ref_id

• name*

• description

• domain

📃 Audits

Template

To avoid any mixup on the expected fields and the requirements reference, you can get a template for the expected framework by going into Catalog/Frameworks

The framework needs to be loaded and when clicking on it, you'll see a button to get the excel file.

Supported fields

• urn*

• assessable

• ref_id*

• name

Special considerations

• The wizard will attempt to match based on the ref_id and fallback to the urn otherwise. If none could be used, the row will be skipped.

• name and description columns are not used but serve as an anchor point for reference.

• Assessable will fallback to false

🐞 Findings followup (eg. pentest)

Template

Supported fields

• ref_id

• name*

• description

• severity

👥 Users

Template

Supported fields

• email*

• first_name

• last_name

☣️ Risk assessment

The risk assessment is an advanced object that needs special considerations. Make sure to pick the matrix that will be used to map your labels to the values on CISO Assistant. If you have a specific matrix, you should start by including it as a custom library.

inherent_level, current_level and residual_level are kept on the excel sample just for visual aid. The application computes them based on impact and probability to ensure consistency with the matrix definition.

Controls are created on picked based on the perimeter's domain. Line breaks are used as seperator.

Supported fields:

• ref_id

• name*

• description

• inherent_impact

⚙️ Elementary actions

Elementary actions are useful to model a killchain during the 4th workshop of an EBIOS RM study.

Supported fields:

• ref_id

• name*

• description

• attack_stage*

Reference controls

Reference controls are templates of the controls to apply. The supported fields are:

• ref_id

• name

• description

• category

Reference controls can be bundled also as a library.

Threats

• ref_id

• name

• description

• domain

Third parties ecosystems

Adding entities, solutions and contracts go through the same file to be able to keep consistent relationships. Each concept needs to be on a separate tab of the excel sheet.

The file has to be divided into 3 sheets namely "Entities", "Solutions" and "Contracts"

Supported fields

*: Required fields

Entities

• ref_id

• name *

• description

Solutions

• ref_id

• name *

• description

Contracts

• ref_id

• name *

• description

Processings

Template

Supported fields

• internal_id

• ref_id

• name*

• description

Policies

Supported fields

• ref_id

• name

• description

• domain

Exceptions

Supported fields

• ref_id

• name

• description

• domain

Incidents

Supported fields

• ref_id

• name

• description

• domain

Live sessions

LinkedIn

Youtube

# Social medias

Users reviews

Blogs

One common challenge when dealing with audits is about being able to reuse your assessment on one framework to move to a different one. This commonly refered to as mapping or crosswalk between standards.

This capability is supported on CISO Assistant and allows the user to create a projection of the content of an audit, given that a mapping is available. Mapping are library objects that can be customized, imported and submitted to the community. To see the available ones, head to the libraries store and filter to mapping:

Mappings are essentially a representation of the links between assessable nodes of a framework, and for which we are using the convention documented on NIST's OLIR project.

Mapping is a directed graph linked a SRC framework to a TGT framework on which the nodes can have one of the following relationships:

To create yours, you can follow one of the examples on /tools or bootstrap a starter using the prepare_mappingscript.

To apply a mapping, you needt to first load a mapping from the library. Then, head to your audit and click on apply mappingand select the targeted framework and see the projected being created ✨.

Note: the apply mapping feature can also be reused to clone the audit and create a new revision, if the same framework and same scope are selected.

X-rays

X-rays is a very useful page to detect inconsistencies across your assessments for each perimeter. There are 3 type of reports:

• info: advice or reminder for status and relevant empty fields

• warning: potential errors to be determined by the user

• error: errors that must be corrected

Scoring Assistant

Trouble assessing your risk ? 🤔

Based on , scoring assistant is here to help you determine the risk level for your scenario. Choose between technical or business impact and select the appropriate answers to the questions.

Glossary

This is the end of the basic tutorial to start with CISO Assistant 🎬 You can go further by exploring its , or checking the directly on GitHub.

If you have a screenshot on your clipboard, you can directly paste it into the file field to have it as evidence instead of going through an intermediate file as illustrated below:

The recommendation system allow you to create applied controls and automatically assign them to your audit requirements, based on the reference controls of the catalog:

When new upgrades are available for a library, you can choose to pull the upgrade on your existing audits. This is pretty useful for applying nondestructive updates such as typo fixes, adding implementation groups, and so on.

If you want to delete a load library, make sure it's not used anywhere (for framework, that's an audit is not depending on them, for a risk matrix, that a risk assessment is not relying on it, etc.) and head to the loaded libraries section of your libraries (Governance/Libraries).

If the item is not used, it will show as "deletable" as below:

Multiple frameworks have their requirements organized into subgroups, mostly cumulative but not always. We introduced it in v1.3.x better support for such a concept using the concept of implementation groups from CIS, but with a generic implementation to cover both cases.

When creating a new audit with a framework that supports implementation groups (IG), you'll get a drop-down menu to select the ones you want to use. They can be combined to suit your needs. If no implementation group is selected, the audit will start with all the requirements, and you can still update it to add or remove other IG.

CyFun and CIS, and FedRamp have been updated to take advantage of this feature. Other relevant frameworks are currently being updated.

The graph explorer helps you understand and navigate the cross walks between the frameworks.

Documented providers

• Microsoft Entra ID

Configure CISO Assistant with OpenID Connect (OIDC)

Once you've retrieved the IdP Entity ID, the Metadata URL and the Entity ID from your provider (see the list of providers for specific details), the configuration on CISO Assistant is pretty simple.

1. Log in into CISO Assistant as an administrator > Extra > Settings
2. Navigate to SSO settings
3. Enable SSO
4. Select the OpenID Connect provider
5. Enter the Client ID
6. Enter the Client secret
7. Enter the Server URL

8. And that's it! Don't forget to click the 'Save' button

9. You should now be able to see the Login with SSO button

Don't find documentation on how to set up SSO with your identity provider? Feel free to reach out to us on Discord, or contribute to the docs.

Go into your Okta admin console (it should look like this: https://<your_url>.okta.com/admin/dashboard)

1. In the sidebar menu, click on Applications > Applications
2. Click now on Create App Integration
3. Select SAML 2.0 and click on Next
4. Choose an App name and click on Next
5. Add the Single sign-on URL: <base_url>/api/accounts/saml/0/acs/ (for example with localhost: https://localhost:8443/api/accounts/saml/0/acs/) (see screenshot below)

6. Add the Audience URI (SP Entity ID), it has to be the same than SP Entity ID in CISO Assistant (see screenshot below)

7. Choose Email as the Application username
8. Add Attribute Statements

   • http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname for user's first name

   • http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname for user's last name

9. Click on Next and fill in the Feedback page as you wish then click on Finish
10. In the Settings box inside SAML 2.0:

    • Copy the Metadata URL and paste it into the Metadata URL field in CISO Assistant

    • Copy the Issuer url and paste it into the IdP Entity ID

11. Go to the Assignments tab
12. Click on Assign and choose whether you want to assign users or specific groups

You can now with the 3 parameters you've retrieved.

Go into Google Workspace Admin console

1. On the sidebar menu, go to Applications > Web and mobile applications
2. Click on Add an application > Add a custom SAML Application
3. Enter ciso-assistant or the name of your choice and click on continue
4. You can copy the SSO URL, Entity Id and x509 certificate here but you'll be able to retreive them later
5. Fill ACS URL with <base_url>/api/accounts/saml/0/acs/, enter the Entity ID which has to be the same than SP entity Id in CISO Assistant (ciso-assistant by default) and choose Email in Name ID Format
6. Add two mappings for First name and Last Name, fill them with those two values: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
7. On application home page, you can now find the Entity ID, SSO URL and x509 certificate

You can now with the 3 parameters you've retrieved.

Prerequisites

• A smartphone with an authenticator app installed

• Access to your account settings on CISO Assistant

Enable MFA

1. Sign in to your account and navigate to 'My profile'

1. Select the 'Settings' button

2. Look for the Security section and click 'Enable 2FA'

3. Set up your authenticator app:

Important: Save Your Recovery Codes

After enabling MFA, you'll receive a set of recovery codes. These codes are crucial for regaining access to your account if you:

• Lose your phone

• Uninstall your authenticator app

• Cannot access your authenticator app for any reason

Next Steps

• Test your MFA setup by logging out and back in

• Reach out for support if you encounter any issues during setup

You can now with the parameters you've retrieved.

Access security is a foundational aspect of any risk or compliance management platform. In this article, we’ll explore how authentication, authorization, and accounting — the three pillars of the AAA model — are structured and applied within CISO Assistant.

1. Authentication: SAML vs OIDC

CISO Assistant integrates with leading identity providers (IdPs) via SAML and OIDC, enabling secure and seamless single sign-on (SSO).

🔸 SAML

• legacy protocol based on XML

• common in large enterprises, especially for AD

• browser-based redirection with signed assertions

🔸 OIDC (OpenID Connect)

• modern standard built on OAuth2

• uses JWT tokens for identity transport

• also browser-based, but more lightweight and versatile

Recommendation: If your IdP supports both, prefer OIDC — it's more modern, flexible, and aligned with today’s security practices.

2. MFA

Multi-Factor Authentication (MFA) is critical for access protection. CISO Assistant supports MFA in two distinct modes, depending on how users authenticate:

🔸SSO-Based Authentication (SAML / federated OIDC)

• MFA is handled entirely by the identity provider (IdP)

• the IdP enforces the policy (push notifications, TOTP, biometrics, etc.)

🔸Local Authentication

• for local accounts, CISO Assistant includes native MFA

• based on TOTP (e.g., Google/Microsoft Authenticators)

3. Authorization: Structured and Hierarchical RBAC

CISO Assistant implements a robust Role-Based Access Control (RBAC) model that balances flexibility, clarity, and operational simplicity.

🔸 Fine-Grained Permissions

Each object type has granular CRUD permissions (create, read, update, delete). This model applies across all business entities: users, backups, risks, policies, incidents, data processing, and more. There are more than 200 permissions in CISO Assistant.

🔸 Predefined Roles

Permissions are grouped into a small set of standard roles:

• Administrator – full access to all objects and settings

• Analyst – full access to most objects, but cannot modify access control

• Viewer – read-only access

🔸 Hierarchical Domains

Roles are assigned within a domain — a flexible concept representing any relevant business context.

For example, a domain can represent:

• a legal entity

• a country or region

• a subsidiary

Domains are hierarchical: a role assigned to a parent domain (e.g., "Group") automatically applies to all its subdomains (e.g., subsidiaries, teams).

🔸 Role Assignments

Access control is defined via explicit assignments:

A role ➡️ on a domain ➡️ for a group of users

🔸 User Groups

Users do not have direct roles. They inherit permissions through membership in one or more groups.

Groups act as the central pivot for managing access:

• receive role assignments

• grant users permissions via group membership

• defined locally

• optionally synced with an IdP (via external plugin)

🚀 This simple yet powerful model accommodates the vast majority of real-world access scenarios. And when needed, the system is fully extensible: it supports custom roles, custom role assignments, and custom user groups to fit even the most specific organizational needs.

4. Machine Identity: Personal Access Tokens with Expiration & Control

CISO Assistant doesn’t just secure human access — it also supports secure, auditable access for automated systems and integrations through Personal Access Tokens (PATs).

🔸Definition

A Personal Access Token is a time-limited secret that allows a script, CI/CD pipeline, or service to authenticate with the platform's API on behalf of a user or machine identity — without requiring an interactive login.

🔸Key features

• time-bounded: expiration is mandatory

• RBAC-compliant: inherits the creator’s permissions

• revocable: can be revoked by user or admin

🔸Governance controls

• admins can restrict who may generate PATs

• all tokens are auditable and managed via UI or API

This ensures tight control over non-human access, balancing automation flexibility with strict security hygiene.

5. Accounting: Full Audit and Traceability

CISO Assistant includes native tracking of all key actions:

• logins, restorations, configuration changes, approvals…

• a searchable audit log accessible via the UI or API

This enables complete accountability over critical operations.

🧠 In Summary

CISO Assistant's AAA model is built on:

• Open standards (SAML, OIDC, TOTP, RBAC)

• A structured yet manageable authorization system

• secure automation through scoped, revocable Personal Access Tokens (PATs)

It supports complex organizations while remaining readable, scalable, and compliant with modern security expectations.

Note on inheritance

Multiple objects of CISO Assistant support a built-in flag called is_published that controls wether an object is visible by affiliated domais ins. This flag is set by default tochildren'sd quite useful to be able to benefit children domains from some controls or evidence covered on their parent domains.

It's expected by Q2/26 to be able to control the behaviour of inheritance in a more fine-grained manner, such as preventing it or managing it between domains with no direct affiliation.

Expected outcome

• define your metrics or import their definition

• instantiate them on your domains

• feed data to your metric instances

• create dashboards with builtin and custom metrics

Key concepts

Metric definitions

Consider metric definition as a template of your metric. It serves as the guideline of the actual metric instance that you will track accross your domains.

Importing definitions

1. Introduction

You will learn how to import off-the-shelf metrics definitions on CISO Assistant.

2. Open Metric Definitions

Click "Metric definitions".

3. Click import

Click here to proceed to the next menu.

4. Import the library matching your criteria

You can also preview the content before importing it.

5. Return to Metric Definitions

Click "Metric definitions" to revisit the main metrics page.

6. Look for the metric definition you want

Click "Search..." to begin finding specific metrics.

7. Select The Specific Metric

You can now instantiate this metric as you see fit for your domains.

You can now instantiate this metric as needed across your domains. Keep in mind that you can also create your own metric definition directly without going through the library.

Creating a definition

Metrics can be quantitative (number with unit) or qualitative (choices):

You can add your options during declaration or afterward:

The "higher is better" setting is used to indicate if the trend is a good thing or not.

Metric instance

The metric instance is the projection of the definition to a specific domain and it's what you'll be tracking.

Parameters:

• Metric definition (it will inherit its settings)

• Domain: the scope of this metric

• Status: lifecycle of the metric. The stale is specially interesting as the application will auto-toggle it according to the data freshness

Metric sample

This is the actual data of the metric instance on a given timestamp.

Keep in mind that you can add the data manually or through all the supported integrations (API, n8n, etc.). Note that data cannot be in the future.

Dashboards

Dashboards are the visual representation of the metrics and support:

• custom metrics instance (multiple charts)

• built-in metrics (multiple charts)

• markdown text widget

In edit mode, you can add different widgets, place and resize them as you see fit:

Once done, you can go back to view mode to see the result:

In addition to the custom metrics for your internal KPI and KRI, you can also include some of the built-in metrics tracked by the platform:

Those are updated on each change of your data and tracked as daily metrics.

Custom roles for CISO Assistant

Learn how to create and customize roles such as DPO and OPS within your organization

Sign in as an Admin on your CISO Assistant instance and follow the steps below.

1. Introduction

This guide walks you through setting permissions and assigning user groups to streamline your CISO Assistant's role management.

2. Click "Organization"

Navigate to the Organization section to begin managing your team's roles.

3. Click "Roles"

Access the Roles tab to view and modify existing roles.

4. Click here

Initiate creating a new role by selecting the option to add one.

5. Fill "DPO"

Enter the name for the new role, such as 'DPO', to define its identity.

6. Click "Save"

Save the newly created role to confirm its addition to your organization.

7. Click here

Open the permissions settings for the new role to customize access.

8. Click here

Expand the permissions list to view all available options.

9. Click "Select all"

Select all permissions to grant comprehensive access to the role.

10. Click "Save"

Save the permission settings to apply them to the role.

11. Click here

Start creating another role by selecting the add role option again.

12. Fill "OPS"

Name this role, for example 'OPS', to specify its function.

13. Click "Save"

Save the role to add it to your organization's role list.

14. Click here

Access the permissions for the newly created role to tailor its access.

15. Click here

Open the detailed permissions menu to adjust specific controls.

16. Click here

Select the option to edit applied controls for fine-tuning.

17. Click "Edit applied control"

Modify the applied control by entering a specific control number, such as '205'.

18. You can select an individual permission

Confirm the changes made to the applied control settings.

19. Click here

View the applied control details to verify the configuration.

20. Click here

Update the applied control with another control number, like '207', if needed.

21. Click here

Return to the permissions overview to continue adjustments.

22. Or you can click "Select all"

Select all permissions to ensure full access for the role.

23. Click "Save"

Save all permission changes to finalize the role's capabilities.

24. Click "User groups" to see your newly added roles

Switch to the User Groups section to manage group memberships.

26. Click "Users"

Navigate to the Users tab to assign roles to individuals.

27. Click here

Select a user to modify their group memberships and roles.

28. Click here

Open the user's group assignment settings to begin editing.

29. Fill "OPS"

Enter the role name, such as 'OPS', to assign it to the user.

30. Click "ACME - OPS"

Choose the corresponding user group, like 'ACME - OPS', for the role.

31. Fill "DPO"

Input another role name, for example 'DPO', for additional assignments.

32. Click "Global - DPO"

Select the matching user group, such as 'Global - DPO', for this role.

33. Pick your user groups

Review all assigned user groups and roles to ensure accuracy.

34. Click "Save"

Save the user group and role assignments to complete the process.

This guide detailed how to create and configure custom roles like DPO and OPS, assign comprehensive permissions, and manage user group memberships effectively. It ensures your organization’s roles are tailored and users are properly assigned for optimal access control.

For now, it is not possible to create custom role assignments so you need to use built-in user groups. They are linking a domain with a role which contains precise permissions, that will be given to users in this group.

Roles

Let's give some details on the 5 built-in roles: